登录Spring Securty时用户帐户被锁定 [英] User account is locked when signing in Spring Securty
问题描述
我遵循了本指南 Spring boot security + JWT 为了了解如何使用Spring Boot安全性和jwt保护应用程序的安全,我正在调用/authenticate api来测试登录功能.
I followed this guide Spring boot security + JWT in order to learn how to secure an application using spring boot security and jwt and i am calling the /authenticate api to test login functionality.
@PostMapping(value = "/authenticate")
public ResponseEntity<?> createAuthenticationToken(@RequestBody User authenticationRequest) throws Exception {
authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
final UserDetails userDetails = userDetailsService
.loadUserByUsername(authenticationRequest.getUsername());
final String token = jwtTokenUtil.generateToken(userDetails);
return ResponseEntity.ok(new JwtResponse(token));
}
private void authenticate(String username, String password) throws Exception {
try {
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
} catch (DisabledException e) {
throw new Exception("USER_DISABLED", e);
} catch (BadCredentialsException e) {
throw new Exception("INVALID_CREDENTIALS", e);
}
}
我正在使用邮递员调用json中传递用户名和密码的api:
I am using postman to call the api passing username and password in json :
{
"username":"user",
"password":"pass"}
AuthenticationManager.authenticate抛出用户被锁定
AuthenticationManager.authenticate is throwing User is Locked
我对UserDetails的实现直接在用户实体上,而不是最佳实践上,但是我现在没有更好的主意,也许我应该拥有某种实现的DTO,并将其作为createAuthenticationToken的参数()
My implementation of UserDetails is directly on a User Entity, not the best practices but i didnt have a better idea for how to do it now, maybe i should have some kind of DTO that implements is and have it as argument to createAuthenticationToken()
这些是UserDetails中的替代方法:
These are the overriden methods comming from UserDetails:
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
感谢您的帮助.
推荐答案
false 表示该用户已被锁定.您应从该方法中返回 true 以便不锁定该用户.
false means the user is locked.You should return true from the method for the user to be not locked.
这篇关于登录Spring Securty时用户帐户被锁定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!